We're in closed beta now and will have more to share publicly soon. Would be happy to chat though, so I'll reach out if you sign up for the beta invite list on our site or shoot a note to hello@deref.io
I think AWS console has a lot of room for improvement. However, I think of it as a feature, since I'm trying very hard to have people do everything in the infra as code, rather than clicking buttons, and the worse the console is, the better ;)
I've talked to _lots_ of folks who have nearly 100% IaC coverage, including folks who only expose read-only console access to the majority of their devs. But I haven't met anyone who has successfully managed to avoid logging in to the console during production incidents to debug things.
One feature we're looking at potentially adding is "Go To Definition", that lets you go from the AWS Console and jump directly to the Terraform code that produced that resource. Would that be useful to you?
Anything that we could do to assuage your concerns?
For what it's worth, we're trying to be extremely thoughtful about security. If it helps (or hurts?), we're a venture backed company, have a published privacy policy, etc. We don't include any anonymous identity tracking, nor do we do any resource crawling, or anything like that. For the CloudTrail feature, we do hit a read-only API endpoint using your browser session, but we don't send any of that data to our servers. We'd never hit any read/write endpoints without you properly granting us an IAM role.
Actually, when I checked your website and found that you're venture-backed that made me feel safer. Ultimately, though, the problem is that the tool has too much access. I might prefer to use a role provisioned into my account to use a dedicated better console experience way before I would use the extension (it acting as me is too much exposure for me). As it so happens I find the console not too bad as it stands so maybe that's part of it.
I know you guys are well-intentioned and I'm trying to help you here by finding out what the key thing is that would make me comfortable and I'm really coming up with nothing. I just think it's too much power to get not that much utility for me.
However, I have used those extensions that merge Google Calendar events together and that was borderline for me. I think if I had a tool that would generate Terraform based on the summary page of an AWS construct I might consider using the extension. It would still be a reach though.
> if I had a tool that would generate Terraform based on the summary page of an AWS construct
This is definitely something we've considered. Our primary platform over at https://www.deref.io/ (still in closed beta) can export resources to Terraform or Pulumi. Video from a few months ago available here: https://youtu.be/DsZsYs_N4NU – If that's interesting to you, drop us a note at hello@deref.io and we can talk about your needs.
I think it's taking it's naming from "Reddit Enhancement Suite". I've seen a couple other extensions also go with that naming convention such as "Google Meet Enhancement Suite".
Isn't there a trademark infringement risk to put the AWS brand as the lead item? I'm surprised AWS approves of that vs the more common for AWS model for third parties targeting AWS. But great to hear AWS have such a relaxed view. The legal side would probably throw a fuss over this type of thing.
If there's one website I would never in a million years let a closed-source, venture-backed browser extension inject content into, it's console.aws.amazon.com. What a terrifying thought...
AWS is one of the main examples of why I miss the days when things had dedicated, native applications. I can imagine the AWS console being so much easier to use if it was something like Intellij. I don't even like Intellij compared to Sublime, but at least Intellij has an undeniable amount of power and customization. Meanwhile the AWS console is a drag to use and gets worse if you use the new UIs
32 comments
[ 3.7 ms ] story [ 94.6 ms ] threadIn our customer discovery calls, we've heard so much about how folks dislike the AWS Console. We figured we should do something about that!
This extension is super early days, but we'd love for it to grow. Feedback welcome!
email: hello@deref.io
twitter: @deref_inc
Can you share more about that?
The Chrome extension asks for permission to "Read and change your data on all auth0.com sites, all aws.amazon.com sites, and all deref.io sites"
That's a LOT of power to give some random extension to my AWS account. I'm not going to do that unless I know EXACTLY what it does, how, and why.
The vaguer you are, the less I trust you.
And that doesn't get into why this extension also needs access to auth0 which is not described in the overview at all.
As for the auth0.com access, that's a bug! It's fixed in the next release. Sorry about that.
EDIT: The extension is also open source, if that's helpful at all - https://github.com/deref/deref-browser-extensions
I've talked to _lots_ of folks who have nearly 100% IaC coverage, including folks who only expose read-only console access to the majority of their devs. But I haven't met anyone who has successfully managed to avoid logging in to the console during production incidents to debug things.
One feature we're looking at potentially adding is "Go To Definition", that lets you go from the AWS Console and jump directly to the Terraform code that produced that resource. Would that be useful to you?
That's a bingo.
And yes, jumping to terraform would indeed be a useful feature to have :)
I guess I could load it unpacked but the utility isn't high enough for me to go through the source myself.
For what it's worth, we're trying to be extremely thoughtful about security. If it helps (or hurts?), we're a venture backed company, have a published privacy policy, etc. We don't include any anonymous identity tracking, nor do we do any resource crawling, or anything like that. For the CloudTrail feature, we do hit a read-only API endpoint using your browser session, but we don't send any of that data to our servers. We'd never hit any read/write endpoints without you properly granting us an IAM role.
I know you guys are well-intentioned and I'm trying to help you here by finding out what the key thing is that would make me comfortable and I'm really coming up with nothing. I just think it's too much power to get not that much utility for me.
Sorry I couldn't come up with anything concrete.
I'm most interested in this:
> too much power to get not that much utility
Is there something that pains you enough that if you had a fix for it, you'd overlook your security concerns?
However, I have used those extensions that merge Google Calendar events together and that was borderline for me. I think if I had a tool that would generate Terraform based on the summary page of an AWS construct I might consider using the extension. It would still be a reach though.
This is definitely something we've considered. Our primary platform over at https://www.deref.io/ (still in closed beta) can export resources to Terraform or Pulumi. Video from a few months ago available here: https://youtu.be/DsZsYs_N4NU – If that's interesting to you, drop us a note at hello@deref.io and we can talk about your needs.
Enhancement Suite for AWS or
Deref Enhancement Suite for AWS
to avoid confusion?
Why do you believe that? https://github.com/deref/deref-browser-extensions
of course, code obfuscation is a thing.